Version 6

    Summary

     

    You may find that during an on-premise data migration or site copy you will need to reset your application's encryption keys in order for the Jive application to correctly start back up.  Follow the troubleshooting steps below for how to reset these keys.

     

    Please note, if you are actively using Jive Cloud Search on your instance, you will need to coordinate this work with Jive Support, otherwise resetting the application's encryption keys will cause Cloud Search to stop functioning until a similar process is performed on the Cloud Search service for your instance.

     

    If you continue to have issues please reach out to Jive Support by filing a new support case.

     

     

    Version

    • Verified for Jive Custom 5, 6, 7, 8

     

    Details

     

    If you see any of the following messages, either in Jive or in Jive's sbs.out or sbs.log files, then you will need to proceed with resetting the application's encryption keys.

    The encryption key is not set up properly, found in the application home crypto directory. Please ensure the Jive System Property 'jive.master.encryption.key.node' matches one of the node.id files in this cluster, or the node.id of this instance when running in a non-cluster environment. The node.id file can be found in the application home directory. If unmatched and the contents of the crypto directory cannot be restored from a backup, delete the Jive System Property and a new key will be generated upon restart. You will also need to delete existing entries in the jiveCredential table to reset user credentials to the new key, then users will be able to supply their bridge credentials again.

     

     

    ERROR com.jivesoftware.base.credentials.impl.DefaultEncryptionProvider - Unable to decrypt token with the current encryption key.  Ensure the key file /usr/local/jive/applications/sbs/home/crypto/default-creds-key in every node is copied from node with ID 'b1233c8c-91de-423c-bdb1-e82b861cd183'. Node ID is stored in the /usr/local/jive/applications/sbs/home/node.id file.  If this has already been performed, the user will need to reset new credentials.

    javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

     

     

    Resetting the encryption keys

     

    Do the following on all nodes:

     

    • Ensure all home/node.id files have different values
    • On each node, delete home/crypto/default-creds-key-master-node
    • On each node, delete home/crypto/default-creds-key
    • Delete the jive.master.encryption.key.node property in Admin Console >> System >> Management >> System Properties
      • Alternatively you can delete this from the Database too under the jiveproperty table if you already took the instance down.
      • note: Verify that this property is deleted from all nodes.
    • Backup, then truncate jiveCredential table in the database
      • pg_dump -U postgres --inserts --data-only --blobs --table=[TABLE] -f [FILENAME].sql  [DATABASE];
      • truncate [TABLE];
    • Take the instance down
    • Restart Node 1 only
      • home/crypto/default-creds-key and home/crypto/default-creds-key-master-node  should be regenerated in Node 1.
    • Copy home/crypto/default-creds-key and home/crypto/default-creds-key-master-node to all other nodes
    • Do a full restart.

     

     

    Cloud Search Customers:

    Please note, if you are actively using Jive Cloud Search on your instance, you will need to coordinate this work with Jive Support, otherwise resetting the application's encryption keys will cause Cloud Search to stop functioning until a similar process is performed on the Cloud Search service for your instance.

     

     

    Copying encryption keys from another instance

    If you are seeing the above errors after an upgrade, you may be able to resolve the issue by copying encryption keys and system properties from the old system. You will need to ensure that all of the individual files noted in the instructions below are retained, as well as the jive.master.encryption.key.node system property file.